Clark Associates
Application Security Manager - Remote
Clark Associates, Lititz, Pennsylvania, United States,
The foodservice professional’s premier source for restaurant equipment, supplies, and knowledge online. Our purpose is to empower and equip people to run their businesses more profitably and efficiently.As the largest online distributor of restaurant supplies and equipment, WebstaurantStore, a Clark Associates company, hosts an expansive catalogue with over 430,000 products that are delivered through fast, dependable shipping, making us the internet's largest restaurant supplier. Our CAST (Clark Associates Security Team) is committed to maintaining the highest standards of security and integrity in all our applications and systems.Job OverviewWe are seeking a
Hands-On Application Security Manager
who will lead our application security efforts while actively participating in technical tasks. In this role, you will function as a senior application security engineer who also guides and mentors the team. You will be instrumental in integrating security practices throughout the software development lifecycle (SDLC), securing containerized applications, securing our ecommerce platforms, and enhancing our overall security posture.Key ResponsibilitiesTechnical Leadership:Actively perform security assessments, code reviews, penetration testing, and vulnerability management.Develop and implement security measures to protect applications, including those running in containerized environments (e.g., Docker, Kubernetes).Stay current with the latest security threats, vulnerabilities, and technologies.Lead, mentor, and provide technical guidance to a team of application security engineers and analysts.Foster a collaborative environment that encourages knowledge sharing and continuous learning.Program Management:Oversee the integration of security practices into all stages of the SDLC.Implement security tools and processes within CI/CD pipelines and development workflows.Establish metrics and reporting mechanisms to track the effectiveness of the Application Security program.Security Control Integration:Collaborate with development and DevOps teams to ensure secure coding practices and secure deployment of containerized applications.Integrate security testing tools into CI/CD pipelines for both traditional and containerized applications.Policy Development:Establish and enforce secure coding standards, policies, and procedures across the organization.Ensure compliance with relevant security standards and regulations.Identify, assess, and prioritize application security risks, including those specific to container technologies.Develop and oversee remediation plans to address identified vulnerabilities.Work closely with product managers, developers, and other stakeholders to integrate security requirements into product development.Provide security design reviews and consultations for new and existing projects.Advocate for security best practices across the organization.Reporting:Provide regular updates on security metrics, program status, and risk assessments to executive leadership.Communicate security issues and strategies effectively to both technical and non-technical audiences.QualificationsEducationBachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.ExperienceMinimum of 5 years of hands-on experience in application security engineering.Proven experience leading or mentoring a team of security professionals.Extensive experience integrating security into the SDLC and CI/CD pipelines.Demonstrated expertise in securing containerized applications and environments.Technical ExpertiseApplication Security:Deep understanding of application security principles, threats, and mitigation strategies.Proficient with tools like OWASP ZAP, Burp Suite, Checkmarx, Fortify, and Veracode.Experience with OWASP Top 10, OWASP ASVS, and secure coding standards.Understanding of various API’s (REST) API Frameworks and API Security.Container Security:Strong knowledge of containerization technologies (e.g., Docker, Kubernetes).Experience securing containerized applications and implementing best practices for container security.Familiarity with container security tools like Aqua Security, Twistlock (Palo Alto Prisma), or Sysdig Secure.CI/CD and DevOps:Proficient with CI/CD tools such as Jenkins, GitLab CI/CD, or Azure DevOps.Experience integrating security tools into CI/CD pipelines for automated testing.Cloud Security:Experience with securing applications in cloud environments (e.g., AWS, Azure, GCP).Familiarity with cloud security services like AWS Security Hub or Azure Security Center.Programming and Scripting:Strong coding skills in languages such as Java, C#, Python, JavaScript, or similar.Ability to conduct code reviews and guide developers on secure coding practices.eCommerce Security:Experience with identifying, mitigating, and preventing security threats to ensure the safety and privacy of customer data and the integrity of the ecommerce systems.Conduct regular security assessments and audits of the ecommerce platform to identify vulnerabilities.Ensure that ecommerce platform complies with relevant regulatory standards such as PCI-DSS, GDPR, and CCPA.Familiarity with Web Application Firewalls and WAF logs.Incident Response:Oversee incident investigation efforts, including forensic analysis, to determine the root cause of incidents.Coordinate with cross-functional teams to ensure prompt and effective resolution of security incidents and prevent recurrence.SkillsLeadership:
Proven ability to lead and mentor a technical team effectively.Communication:
Excellent verbal and written communication skills; capable of explaining complex security concepts clearly.Problem-Solving:
Strong analytical and troubleshooting skills in resolving security issues.Industry Knowledge:
Up-to-date with the latest trends in application and container security.Time Management:
Ability to manage multiple projects and priorities efficiently.Certifications (Preferred)Certified Information Systems Security Professional (CISSP)Certified Secure Software Lifecycle Professional (CSSLP)GIAC Web Application Penetration Tester (GWAPT)Certified Kubernetes Security Specialist (CKS)Certified Information Security Manager (CISM)Location:
RemoteType:
Full-TimeDepartment:
Information SecurityRemote work qualificationsAccess to a reliable and secure high-speed internet connection. Cable or fiber internet connections (at least 75mbps download/10mbps upload) are preferred.Access to a home router and modem.A dedicated home office space that is noise- and distraction-free.A valid, physical address (apartment, suite, etc.). PO Boxes are not supported.The desire and ability to work and communicate with other team members via chat, webcam, etc.Legal residents of specified states only. H-1B Visa Sponsorship Not Available, W2 only.
#J-18808-Ljbffr
Hands-On Application Security Manager
who will lead our application security efforts while actively participating in technical tasks. In this role, you will function as a senior application security engineer who also guides and mentors the team. You will be instrumental in integrating security practices throughout the software development lifecycle (SDLC), securing containerized applications, securing our ecommerce platforms, and enhancing our overall security posture.Key ResponsibilitiesTechnical Leadership:Actively perform security assessments, code reviews, penetration testing, and vulnerability management.Develop and implement security measures to protect applications, including those running in containerized environments (e.g., Docker, Kubernetes).Stay current with the latest security threats, vulnerabilities, and technologies.Lead, mentor, and provide technical guidance to a team of application security engineers and analysts.Foster a collaborative environment that encourages knowledge sharing and continuous learning.Program Management:Oversee the integration of security practices into all stages of the SDLC.Implement security tools and processes within CI/CD pipelines and development workflows.Establish metrics and reporting mechanisms to track the effectiveness of the Application Security program.Security Control Integration:Collaborate with development and DevOps teams to ensure secure coding practices and secure deployment of containerized applications.Integrate security testing tools into CI/CD pipelines for both traditional and containerized applications.Policy Development:Establish and enforce secure coding standards, policies, and procedures across the organization.Ensure compliance with relevant security standards and regulations.Identify, assess, and prioritize application security risks, including those specific to container technologies.Develop and oversee remediation plans to address identified vulnerabilities.Work closely with product managers, developers, and other stakeholders to integrate security requirements into product development.Provide security design reviews and consultations for new and existing projects.Advocate for security best practices across the organization.Reporting:Provide regular updates on security metrics, program status, and risk assessments to executive leadership.Communicate security issues and strategies effectively to both technical and non-technical audiences.QualificationsEducationBachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.ExperienceMinimum of 5 years of hands-on experience in application security engineering.Proven experience leading or mentoring a team of security professionals.Extensive experience integrating security into the SDLC and CI/CD pipelines.Demonstrated expertise in securing containerized applications and environments.Technical ExpertiseApplication Security:Deep understanding of application security principles, threats, and mitigation strategies.Proficient with tools like OWASP ZAP, Burp Suite, Checkmarx, Fortify, and Veracode.Experience with OWASP Top 10, OWASP ASVS, and secure coding standards.Understanding of various API’s (REST) API Frameworks and API Security.Container Security:Strong knowledge of containerization technologies (e.g., Docker, Kubernetes).Experience securing containerized applications and implementing best practices for container security.Familiarity with container security tools like Aqua Security, Twistlock (Palo Alto Prisma), or Sysdig Secure.CI/CD and DevOps:Proficient with CI/CD tools such as Jenkins, GitLab CI/CD, or Azure DevOps.Experience integrating security tools into CI/CD pipelines for automated testing.Cloud Security:Experience with securing applications in cloud environments (e.g., AWS, Azure, GCP).Familiarity with cloud security services like AWS Security Hub or Azure Security Center.Programming and Scripting:Strong coding skills in languages such as Java, C#, Python, JavaScript, or similar.Ability to conduct code reviews and guide developers on secure coding practices.eCommerce Security:Experience with identifying, mitigating, and preventing security threats to ensure the safety and privacy of customer data and the integrity of the ecommerce systems.Conduct regular security assessments and audits of the ecommerce platform to identify vulnerabilities.Ensure that ecommerce platform complies with relevant regulatory standards such as PCI-DSS, GDPR, and CCPA.Familiarity with Web Application Firewalls and WAF logs.Incident Response:Oversee incident investigation efforts, including forensic analysis, to determine the root cause of incidents.Coordinate with cross-functional teams to ensure prompt and effective resolution of security incidents and prevent recurrence.SkillsLeadership:
Proven ability to lead and mentor a technical team effectively.Communication:
Excellent verbal and written communication skills; capable of explaining complex security concepts clearly.Problem-Solving:
Strong analytical and troubleshooting skills in resolving security issues.Industry Knowledge:
Up-to-date with the latest trends in application and container security.Time Management:
Ability to manage multiple projects and priorities efficiently.Certifications (Preferred)Certified Information Systems Security Professional (CISSP)Certified Secure Software Lifecycle Professional (CSSLP)GIAC Web Application Penetration Tester (GWAPT)Certified Kubernetes Security Specialist (CKS)Certified Information Security Manager (CISM)Location:
RemoteType:
Full-TimeDepartment:
Information SecurityRemote work qualificationsAccess to a reliable and secure high-speed internet connection. Cable or fiber internet connections (at least 75mbps download/10mbps upload) are preferred.Access to a home router and modem.A dedicated home office space that is noise- and distraction-free.A valid, physical address (apartment, suite, etc.). PO Boxes are not supported.The desire and ability to work and communicate with other team members via chat, webcam, etc.Legal residents of specified states only. H-1B Visa Sponsorship Not Available, W2 only.
#J-18808-Ljbffr